• All function and service in the 1.10 release. This includes the z/VM guest LAN and virtual switch support shipped in 1.10 APARs VM63452 (base support) and VM63750 (sniffer support).
  

• Mixed case password support.
  • Passwords can now contain lower case alphabetic characters.
  • Enablement of mixed case support, and updated password syntax rules, managed with the SETROPTS command.
    

• Password phrase support.
  • A password substitute which can be from 9 to 100 characters in length, without the character restrictions of passwords.
  • Can be used to LOGON to CP, TELNET, and FTP.
  • Many password-related SETROPTS options apply to password phrases as well.
  • Sample new-password-phrase-exit ICHPWX11 which calls a REXX exec in which additional quality rules may be coded.
    

• Support for the new z/VM LDAP server. This allows LDAP clients (such as a Linux image) to:
  • update and query information in RACF user and group profiles,
  • authenticate to the LDAP server using a RACF password, and
  • use LDAP services to submit remote authorization and audit requests to the RACF server.
    

• Various improvements to user related processing.
  • Support for NOPASSWORD users. Such a user could still have a password phrase, and be forced to authenticate using it. Or, the user could have neither a password, nor a phrase, as an additional control for service virtual machines. RACF has been changed to create NOPASSWORD users by default, rather than setting the initial password to the user's default group.
  • Improved auditing of password changes.
  • Ability to specify NOEXPIRED on the ALTUSER command so that the password assigned does not need to be changed at LOGON. This is helpful to user management and password synchronization applications.
  • Improved ALTUSER command places the user's current password in the password history list before changing the password.
    

• The SMF data unload utility can emit XML output.
  

• Protection for the CP FOR command, and for DIAGNOSE X'88'.
  

• The RACF class descriptor table has increased the number of POSIT values available for use, resulting in the ability to add more customer-defined classes.
  

• Simplification of the documentation library by removal of information pertinent to only MVS (z/OS).

RACF/VM V1.10 and the RACF for z/VM feature:

• Provides the capability to register OpenExtensions for VM/ESA users and groups in the RACF database.
  

• Offers security for files and directories residing in the OpenExtensions byte file system.

• Contains Shared file system (SFS) support, enabling RACF file level protection for files and directories residing in the VM/ESA shared file system.
  

• Simplifies product installation and service through VMSES/E support.
  

• Allows advanced analysis of audited events using  SMF Data Unload.
  

RACF for VM V1.10 (5740-XXH) is planned to be supported until May 5, 2008, for the Common Criteria Certification feature, formerly known as z/VM V5.1.  The RACF for VM feature is planned to be supported on z/VM V5.2 until April 30, 2009.

Starting with z/VM 5.3, RACF releases are specific to the release of the operating system, much like the Security Server for z/OS. That is, the RACF Security Server feature FL530 is supported only on z/VM 5.3, and is not planned to be supported on any other z/VM release.

Program Directory

Download or browse the Program Directory for the RACF for z/VM feature version 5 release 2.

The Program Directory for the RACF Security Server feature for z/VM Version 5 Release 3 is planned to be available by 29 June 2007.

Information about downloading and browsing PDF files.

This page was last updated March 2008.